Analysis
- max time kernel: 38s
- max time network: 42s
- platform: windows7_x64
- resource: win7-20220715-en
- resource tags: arch:x64, arch:x86, image:win7-20220715-en, locale:en-us, os:windows7-x64, system
- submitted: 03-08-2022 08:24
Behavioral task: behavioral1
- Sample: b83ad7203852ec7e3c5ec3e1114825320f2e25eb3262300716136e51ec0d7177.exe
- Resource: win7-20220715-en

Behavioral task: behavioral2
- Sample: b83ad7203852ec7e3c5ec3e1114825320f2e25eb3262300716136e51ec0d7177.exe
- Resource: win10v2004-20220721-en
General
- Target: b83ad7203852ec7e3c5ec3e1114825320f2e25eb3262300716136e51ec0d7177.exe
- Size: 5.8MB
- MD5: 9c7548d6a16cd7107912da73c986c131
- SHA1: 7cf1da1b1f8cdd2759625c8af80ffc2ff2e0027d
- SHA256: b83ad7203852ec7e3c5ec3e1114825320f2e25eb3262300716136e51ec0d7177
- SHA512: 27a740f2a3e21e96bc45c0b7eb7d94fe486a0d562c8a2395e7f29a4a2a5260d5df3b05d5d9be2c91159b92c126fa390c777d4ad9cee7bef3d78d015b10d1b83c
Malware Config

Signatures
- Processes (yara_rule matches):
  resource                                                                      yara_rule
  behavioral1/memory/2016-55-0x0000000000400000-0x0000000000D8E000-memory.dmp   vmprotect
  behavioral1/memory/2016-57-0x0000000000400000-0x0000000000D8E000-memory.dmp   vmprotect
  behavioral1/memory/2016-58-0x0000000000400000-0x0000000000D8E000-memory.dmp   vmprotect
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes:
  pid    process
  2016   b83ad7203852ec7e3c5ec3e1114825320f2e25eb3262300716136e51ec0d7177.exe
  2016   b83ad7203852ec7e3c5ec3e1114825320f2e25eb3262300716136e51ec0d7177.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/2016-54-0x0000000076291000-0x0000000076293000-memory.dmp (Filesize: 8KB)
- memory/2016-55-0x0000000000400000-0x0000000000D8E000-memory.dmp (Filesize: 9.6MB)
- memory/2016-57-0x0000000000400000-0x0000000000D8E000-memory.dmp (Filesize: 9.6MB)
- memory/2016-58-0x0000000000400000-0x0000000000D8E000-memory.dmp (Filesize: 9.6MB)